Docker

It's possible to run Repo Supervisor inside the Docker container. It gives you more flexibility and you don't need to configure your local environment with Node.JS and npm. At first you need to build up the Docker image:

docker build -t repo-supervisor .

To run the tool inside Docker container you need to trigger a specific command:

After script was deployed it will return a URL address to your webtask which then you can use to setup a webhook.

If you want to deploy webtask with profile different than a standard one you should set env. variable called WT_PROFILE=myprofile just before or right after GITHUB_TOKEN variable.

Webhook

Installing webhook is easy and there is no difference to other webhooks provided by i.e. Zapier or IFTTT.

Before installing a webhook you need to build and install this tool. As a result npm run deploy should return the URL address to your deployed webtask. Point your Payload URL to webtask url and you're ready to go.

❗️ Please ensure that the Content type for a webhook is set to application/json. ❗️

Which events would you like to trigger this webhook?

Let me select individual events.

Pull request

Requirements

After installing all required packages with npm the one additional tool is wt-cli to communicate with webtask.io.

If you don't have an account then create a new one, it's free. All details related to wt-cli are available in the documentation.

Installation process:

npm install -g wt-cli

Introduction

It happens sometimes that you can commit secrets or passwords to your repository by accident. The recommended best practice is not commit the secrets, that's obvious. But not always that obvious when you have a big merge waiting to be reviewed.

This tool allows you to setup a webhook that waits for the Pull Requests and scans all interesting files to check for leaked secrets. Every time PR is updated it rescans latest changes and generates a report.

Both acknowledge and rejection actions are triggering Slack notification which allows to whether improve or fix secrets detection rules.

Create a free account in Auth0

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository
issues section. Please do not report security vulnerabilities on the public GitHub issue tracker.
The Responsible Disclosure Program details the procedure for
disclosing security issues.